Can botnets and email spoofing be stopped using the same methods?

Posted on 2010-01-04
Last Modified: 2013-11-16
I am trying to write and report on botnets and email spoofing for my boss, but I am confused on whether they can be defended against in a similar manner in a network.
Question by:Go-micro
    LVL 4

    Accepted Solution

    Email spoofing would be a method of delivering malicious software to a machine in order to add that machine to a botnet. The botnet would in turn send out those spoofed emails.
    Email spoofing is now based more on social engineering than anything else: trying to convince the recipient of the spoofed email message that it is legitimate.
    The best defense against any email-based threat would be to never open an email from someone you don't know. Use a web-based email service and have scripting turned off in your browser when you are viewing your email. The web-based email services provide some filtering and scripting protection, but running Firefox with the NoScript plugin gives you control of what scripts can run in your browser.
    With scripting on, it only takes one click to become infected.
    Check out the podcast SECURITY NOW with Steve Gibson; episode 221 covers some of this.
    You can also search the episodes at
    Hope this helps
    LVL 33

    Assisted Solution

    by:Dave Howe
    Well, they are different (but sometimes related) things.

    Email spoofing is where the source of a message is deliberately faked; often, not only the sender "from" address, but the original source (by adding additional faked routing lines to the headers, as though it had already passed through several systems before being relayed on).

    Email spoofing is commonly associated with phishing (producing a fake email purporting to come from a bank or similar, asking for your login details to be entered onto a website in order to gain access to your account).

    Botnets are machines "infected" by software which allows the person who initiated the infection to execute programs on the machine without its owner's permission. Usually they will "report in" to a controller (often an IRC server) to obtain orders and updated code, but sometimes they have their own mesh network to avoid authorities taking out an entire net by locating and removing the control site.

    One infection vector (and there are many) is an email, spoofed or not. One use of a botnet (and again, there are many) is to send out spam or spoofed emails via the email credentials of the infected machine's ISP account.

    Spoofed emails, virus emails and spam emails are the focus of an ongoing war between those who produce such, and those who wish to remove them from the email stream. There are a number of products out there to attempt this, and their success varies literally from day to day. One example would be the "ironport" email filtering host (which uses a combination of reputation filters, pattern matching and virus scanning to remove a significant proportion of bad mail) but that is just one example. Non-commercial offerings include things like SpamAssassin and ClamAV.

    Botnets however are more how you defend against an infected machine (of any type) on your own network - it's an internal host outbound, rather than a perimeter defense. Usually this is approached by behavioural monitoring - attempts to send out email, communicate with other workstations and write files to them, or connect to IRC servers should be considered suspect (so intrusion detection/prevention here).
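
The behavioural monitoring described in the answer above, sketched as an added example that is not part of the original thread or written by either answerer: it scans flow records for internal hosts that send mail directly to the internet, connect to IRC, or open SMB sessions to other workstations. The address plan, relay address, port lists and the flow-record format are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the thread): address plan, relay, ports, record format.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
WORKSTATIONS = ipaddress.ip_network("10.0.1.0/24")
MAIL_RELAYS = {"10.0.0.25"}        # the only hosts allowed to send SMTP outbound
SMTP_PORTS = {25, 465, 587}
IRC_PORTS = {6667, 6697}           # common IRC ports; a bot may use others
SMB_PORT = 445                     # file writes between workstations

# Constructed sample flow records: "time src dst dport"
SAMPLE_FLOWS = """\
09:00:01 10.0.0.25 203.0.113.10 25
09:00:05 10.0.1.14 198.51.100.7 25
09:00:06 10.0.1.14 198.51.100.8 25
09:00:09 10.0.1.14 192.0.2.50 6667
09:01:12 10.0.1.14 10.0.1.20 445
09:02:30 10.0.1.31 10.0.0.25 25
09:03:00 10.0.1.31 203.0.113.80 443
"""

def classify(src, dst, dport):
    """Return a reason string if the flow is suspect behaviour, else None."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in INTERNAL:
        return None                # only internal-host-outbound is in scope
    outbound = dst_ip not in INTERNAL
    if dport in SMTP_PORTS and outbound and src not in MAIL_RELAYS:
        return "direct-smtp"       # mail that bypasses the approved relay
    if dport in IRC_PORTS and outbound:
        return "irc"               # possible check-in with a controller
    if dport == SMB_PORT and src_ip in WORKSTATIONS and dst_ip in WORKSTATIONS:
        return "lateral-smb"       # workstation writing to a workstation
    return None

def suspect_hosts(flow_text):
    """Map each internal source to the sorted suspect behaviours it showed."""
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        _, src, dst, dport = line.split()
        reason = classify(src, dst, int(dport))
        if reason:
            hits[src].add(reason)
    return {host: sorted(reasons) for host, reasons in hits.items()}

if __name__ == "__main__":
    for host, reasons in suspect_hosts(SAMPLE_FLOWS).items():
        print(host, reasons)
```

On the constructed sample only 10.0.1.14 is reported; the relay's own outbound SMTP and the workstation that submits mail through the relay are left alone.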
